Today’s businesses depend heavily on IT devices and the network that connects them. Devices like computers, smartphones, tablets, printers, routers, security systems, etc. are now common in any small business setup; bigger ones can have even more advanced equipment to carry out business operations. It is imperative that these devices work flawlessly and in coordination with each other to achieve business objectives. Technology empowers businesses and allows them to be more efficient, mobile and flexible. It helps businesses grow by automating tasks and streamlining communication with vendors, suppliers and customers. Portable computing devices, especially smartphones, have made it possible to do business on the go. Business owners can check critical information, review order and delivery status, production status, etc. by connecting their smartphones to the corporate network. Since accessing corporate resources from mobile devices has now become a business necessity, it is imperative to safeguard the network from intruders.

Image: A corporate infrastructure depends on many devices working together and connected by a secure network

What do business networks need protection from?

Many factors can affect a business network and, eventually, business operations. A business network going down results in ceased operations and, eventually, losses. Business networks face constant threats from malware, cyber threats, hacking attempts, data security incidents, etc. There are threats and intruders trying to get into your business network to steal sensitive business data and disrupt operations. This can incur huge losses and even drain money out of your business. The motivation behind cybercrime is not always money, though. Attacks can even be committed to test the ability to do it, or just for fun. Technology and connectivity have proven to be a boon for businesses; however, cyber criminals use this boon as a weapon.

It is a complex task to monitor every user accessing your network, particularly if it is a large network with many devices and users. Businesses have been using passwords to authenticate the identity of users getting onto the business network. Passwords have been widely used to establish confidence in user identity, i.e. to authenticate it. They have been doing a good job, until now.

Where did passwords go wrong?

A study conducted by Verizon Enterprises found that weak, stolen and default passwords are a major cause of data breaches. Establishing a well-defined password complexity policy can make users avoid weak and default passwords; however, it does not come without side effects. Imposing password complexity compromises the user friendliness of the login process. Users tend to forget complex passwords, and the password reset process can consume a lot of employee time, resulting in hampered productivity and missed deadlines. A countermeasure should be good enough to prevent weak and default passwords without introducing more red tape into the login process. Complex passwords not only take a toll on employee productivity, they also incur additional expenses in the form of resources (both human and IT) required for processing password reset calls. An IT helpdesk might require one (or more) dedicated staff members to process such calls.

The methods of authentication currently in use are largely based on the “what a user knows” factor of authentication. Passwords, PINs and security questions fall into this category. These methods alone are not sufficient to keep a business network safe from unauthorized access. Users tend to forget complex passwords very easily; however, they cannot be blamed for it. Every new service that goes online requires users to create an account with a password to protect it, and almost all of them now have a policy for minimum password complexity. This results in more and more passwords to remember. On the other hand, passwords are phishable, breachable, guessable and prone to cracking. Besides online and offline attacks, there are other ways of attacking passwords, for example via key loggers, shoulder-surfing, social engineering, etc.

Passwords can also be prone to Pass the Hash (PtH) attacks, which are often overlooked in mainstream IT security discussions. Pass the Hash is a hacking technique that allows a hacker to authenticate to a remote server or service by using the underlying NTLM or LM hash of a user’s password. For hackers, it eliminates the need to present the plaintext password. To perform Pass the Hash attacks, hackers use different tools and methods to first obtain the user name and password hash values. These hash values can then be used to authenticate to a remote server using LM or NTLM authentication. LAN Manager (LM) and NT LAN Manager (NTLM) are the methods used for hashing user passwords on Microsoft Windows based operating systems.
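The reason a stolen hash is as good as the password can be seen in how an NTLMv2-style challenge-response is verified. The sketch below is an added illustration, not code from Microsoft or from this article; it is a simplified model of the NTLMv2 proof calculation, and the account, domain, hash and challenge values are all constructed.

```python
import hashlib
import hmac

def ntlmv2_key(nt_hash: bytes, user: str, domain: str) -> bytes:
    # The key is derived from the stored NT hash, never from the plaintext:
    # HMAC-MD5(nt_hash, UTF-16LE(UPPER(user) + domain)).
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def ntlmv2_proof(nt_hash, user, domain, server_challenge, client_blob) -> bytes:
    # Response = HMAC-MD5(key, server_challenge || client_blob).
    # client_blob stands in for the real timestamp/nonce structure (simplified).
    key = ntlmv2_key(nt_hash, user, domain)
    return hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()

def server_verify(account_db, user, domain, server_challenge, client_blob, proof):
    # The server holds only the hash and recomputes the proof from it.
    stored = account_db.get((domain, user.lower()))
    if stored is None:
        return False
    expected = ntlmv2_proof(stored, user, domain, server_challenge, client_blob)
    return hmac.compare_digest(expected, proof)

def demo():
    # Constructed sample values; the 16-byte hash is not derived from a real password.
    nt_hash = bytes.fromhex("00112233445566778899aabbccddeeff")
    db = {("EXAMPLE", "alice"): nt_hash}
    challenge_1 = bytes.fromhex("0102030405060708")
    challenge_2 = bytes.fromhex("1112131415161718")
    blob = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")

    # Whoever holds the hash produces a valid proof; no password is involved,
    # so password length and complexity make no difference at this point.
    proof = ntlmv2_proof(nt_hash, "alice", "EXAMPLE", challenge_1, blob)
    hash_only_accepted = server_verify(db, "alice", "EXAMPLE", challenge_1, blob, proof)

    # The challenge stops replay of a captured response, not reuse of the hash.
    replay_accepted = server_verify(db, "alice", "EXAMPLE", challenge_2, blob, proof)

    # A different hash (for example after a password change) no longer verifies.
    stale = ntlmv2_proof(bytes(16), "alice", "EXAMPLE", challenge_1, blob)
    stale_accepted = server_verify(db, "alice", "EXAMPLE", challenge_1, blob, stale)
    return hash_only_accepted, replay_accepted, stale_accepted

if __name__ == "__main__":
    print(demo())
```

Because verification depends only on the stored hash, the hash needs the same protection as the plaintext password, and changing the password is what invalidates a stolen hash.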

These many shortcomings of passwords for network security have compelled IT security experts to look elsewhere.

Biometrics: future of user authentication

It is getting increasingly complex to achieve security objectives with passwords in today’s fast paced digital environment. Today, when even high value transactions are performed with just taps and clicks, password based user authentication presents an obsolete, sluggish and inadequate experience. When a password prompt appears, a user has to dedicate his/her complete attention to the screen, recall the password for that particular service and type it. If the user is on the move, he/she might not even be able to type the right password on a touch keypad. Amid this password anarchy, biometric authentication techniques offer hope for the future of user authentication. When a user’s very own anatomical or behavioral characteristics are used to authenticate him/her for granting or denying access to a service, nothing is left to chance.

Biometric identifiers are measurable characteristics of an individual that can be used to establish and verify his/her identity. These characteristics do not repeat in others. A user’s biometric identifiers are broadly divided into two categories: physiological and behavioral. Physiological biometric characteristics naturally form in or on the body of an individual, for example fingerprints, iris pattern, vascular pattern, retina, etc. Behavioral biometric identifiers, on the other hand, are characteristics that develop over time and are believed to persist during the lifetime of an individual, for example voice, gait, signatures, etc. Voice biometrics is considered to depend on both physiological and behavioral factors. Biometric characteristics, however, may be affected by certain environmental or biological factors, like the work environment or a disease.

Business network security with fingerprint login

Manufacturers are now adding fingerprint authentication to more and more equipment and devices. Integrating fingerprint authentication into a device is not just about adding a fingerprint sensor. The device’s operating system has to complement the sensor to make use of it, or it has to be managed at the OEM’s end. Fortunately, recent versions of popular OSes like Windows, Android, Mac OS and iOS have biometric capability integrated within the OS itself. Fingerprint recognition, which is the most popular biometric recognition method among users as well as manufacturers, is set to bring a huge shift in user authentication practices. Most mobile devices now launch with a fingerprint sensor, and according to a report from Counterpoint Research, more than one billion smartphones with a fingerprint sensor will be shipped in 2018. Service providers and app makers that are yet to jump on the biometric bandwagon can feel motivated by these figures.

Despite the increasing number of devices with fingerprint sensors, there are mainstream computing devices like desktops and servers that often do not come equipped with inbuilt fingerprint hardware. These devices can make use of fingerprint sensors that are available separately and ready to be integrated with external devices. They are cheap and compact, and can be easily set up to ensure business network security with fingerprint login. Using fingerprints for network and device login can dramatically improve identity management practices within an organization. It not only addresses the shortcomings associated with passwords, but also reduces the cost associated with IT helpdesk operations. Using fingerprint recognition eventually reduces information security incidents, which saves the money that those incidents would have claimed, had they taken place.

Conclusion

According to the IBM X-Force Threat Intelligence Index, the year 2016 witnessed data breaches that IBM calls “Larger than Life”. More than a billion records were affected by incidents like DDoS attacks, leaks, ransomware, vulnerability disclosure, and spam. Scarier still, a large number of these attacks involved an insider who initiated or participated in the incident. Increasing numbers of threats from the internet, as well as insider jobs, have made organizations concerned about their network security. Device manufacturers and system software makers are constantly working together to improve identity management practices on devices. A secured device is the first step toward a secure network, and with fingerprint biometrics improving day by day, organizations can have peace of mind and concentrate on business rather than network security.

About The Author

Danny Thakkar is the co-founder of Bayometric, one of the leading biometric solution providers in the world. He has helped large organizations like Pepsi, America Cares, Michigan State and many other medium and small businesses achieve their identity management needs. He has been in the Biometric Industry for 10+ years and has extensive experience across public and private sector verticals. Currently, he is chief evangelist for Touch N Go and blogs regularly at www.bayometric.com and www.touchngoid.com.